From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guojiufu@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2066)
 id 479833870898; Mon, 10 Aug 2020 07:12:51 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 479833870898
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1597043571;
 bh=U0NL7sQUyq3QhxOsl/jIoHhtGGv6P/gvUWxaNumyBgA=;
 h=From:To:Subject:Date:From;
 b=jvQavvshOA6WHJ/8Br6kS+WP/x+Fzh4AlYtOqTMw9rPwwrGu53TNLYKgo5u2I5PXz
 f68RGLOETejYLW1n/w5rXDmBZC9KWcTPGphYjRkQKWjxzhxjq2JL0O96OGRj+QZ8En
 ynTeezIZDZC4FXgLNEV9V+R7udsO9pa2wSxewfqA=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jiu Fu Guo <guojiufu@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc(refs/users/guojiufu/heads/personal-branch)] libstdc++: Avoid
 overflow in istream::get(streambuf&) [LWG 3464]
X-Act-Checkin: gcc
X-Git-Author: Jonathan Wakely <jwakely@redhat.com>
X-Git-Refname: refs/users/guojiufu/heads/personal-branch
X-Git-Oldrev: 138b1d4f58af17986e856e665ffbd561c2c8740e
X-Git-Newrev: 4d1c5b4957db2cb07f1053b7b87767275497d52e
Message-Id: <20200810071251.479833870898@sourceware.org>
Date: Mon, 10 Aug 2020 07:12:51 +0000 (GMT)
X-BeenThere: libstdc++-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libstdc++-cvs mailing list <libstdc++-cvs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/libstdc++-cvs>,
 <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/libstdc++-cvs/>
List-Help: <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/libstdc++-cvs>,
 <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 07:12:51 -0000

https://gcc.gnu.org/g:4d1c5b4957db2cb07f1053b7b87767275497d52e

commit 4d1c5b4957db2cb07f1053b7b87767275497d52e
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Jul 20 20:06:46 2020 +0100

    libstdc++: Avoid overflow in istream::get(streambuf&) [LWG 3464]
    
    Similar to the recent changes to basic_istream::ignore, this change
    ensures that _M_gcount doesn't overflow when extracting characters and
    inserting them into another streambuf.
    
    The solution used here is to use unsigned long long for the count. We
    assume that the number of characters extracted won't exceed the maximum
    value for that type, but even if it does we avoid any undefined
    behaviour.
    
    libstdc++-v3/ChangeLog:
    
            * include/bits/istream.tcc
            (basic_istream::get(__streambuf_type&, char_type): Use unsigned
            long long for counter and check if it would overflow _M_gcount.
            * testsuite/27_io/basic_istream/get/char/lwg3464.cc: New test.
            * testsuite/27_io/basic_istream/get/wchar_t/lwg3464.cc: New test.

Diff:
---
 libstdc++-v3/include/bits/istream.tcc              |  9 ++-
 .../27_io/basic_istream/get/char/lwg3464.cc        | 91 ++++++++++++++++++++++
 .../27_io/basic_istream/get/wchar_t/lwg3464.cc     | 91 ++++++++++++++++++++++
 3 files changed, 190 insertions(+), 1 deletion(-)

diff --git a/libstdc++-v3/include/bits/istream.tcc b/libstdc++-v3/include/bits/istream.tcc
index 5983e51873f..0289867c50b 100644
--- a/libstdc++-v3/include/bits/istream.tcc
+++ b/libstdc++-v3/include/bits/istream.tcc
@@ -375,17 +375,24 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
 	      __streambuf_type* __this_sb = this->rdbuf();
 	      int_type __c = __this_sb->sgetc();
 	      char_type __c2 = traits_type::to_char_type(__c);
+	      unsigned long long __gcount = 0;
 
 	      while (!traits_type::eq_int_type(__c, __eof)
 		     && !traits_type::eq_int_type(__c, __idelim)
 		     && !traits_type::eq_int_type(__sb.sputc(__c2), __eof))
 		{
-		  ++_M_gcount;
+		  ++__gcount;
 		  __c = __this_sb->snextc();
 		  __c2 = traits_type::to_char_type(__c);
 		}
 	      if (traits_type::eq_int_type(__c, __eof))
 		__err |= ios_base::eofbit;
+	      // _GLIBCXX_RESOLVE_LIB_DEFECTS
+	      // 3464. istream::gcount() can overflow
+	      if (__gcount <= __gnu_cxx::__numeric_traits<streamsize>::__max)
+		_M_gcount = __gcount;
+	      else
+		_M_gcount = __gnu_cxx::__numeric_traits<streamsize>::__max;
 	    }
 	  __catch(__cxxabiv1::__forced_unwind&)
 	    {
diff --git a/libstdc++-v3/testsuite/27_io/basic_istream/get/char/lwg3464.cc b/libstdc++-v3/testsuite/27_io/basic_istream/get/char/lwg3464.cc
new file mode 100644
index 00000000000..6123ca5b713
--- /dev/null
+++ b/libstdc++-v3/testsuite/27_io/basic_istream/get/char/lwg3464.cc
@@ -0,0 +1,91 @@
+// Copyright (C) 2020 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library.  This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License along
+// with this library; see the file COPYING3.  If not see
+// <http://www.gnu.org/licenses/>.
+
+// { dg-do run { target { ! lp64 } } }
+
+#include <istream>
+#include <streambuf>
+#include <limits>
+#include <testsuite_hooks.h>
+
+typedef char C;
+
+struct buff : std::basic_streambuf<C>
+{
+  typedef std::streamsize		  streamsize;
+  typedef std::numeric_limits<streamsize> limits;
+
+  buff() : count(0), buf() { }
+
+  int_type underflow()
+  {
+    // Number of characters left until we overflow the counter
+    const streamsize headroom = limits::max() - count;
+
+    if (headroom == 0)
+      return traits_type::eof();
+
+    if (bufsz < headroom)
+      count += bufsz;
+    else
+      count = limits::max();
+
+    this->setg(buf + 1, buf + 1, buf + bufsz);
+
+    return buf[0];
+  }
+
+  int_type overflow(int_type c)
+  {
+    if (traits_type::eq_int_type(c , traits_type::eof()))
+      return c;
+    this->setp(buf, buf + bufsz - 1);
+    return traits_type::not_eof(c);
+  }
+
+  streamsize count;
+
+  static const streamsize bufsz = (2048 << limits::digits10) + 1;
+  char_type buf[bufsz];
+};
+
+void
+test01()
+{
+  // Not possible to overflow 64-bit streamsize in reasonable time.
+  if (std::numeric_limits<std::streamsize>::digits > 32)
+    return;
+
+  std::basic_istream<C> in(new buff);
+  buff out;
+  in.get(out);
+  VERIFY( in.gcount() == std::numeric_limits<std::streamsize>::max() );
+
+  delete in.rdbuf(new buff);
+
+  in.get();
+  VERIFY( in.gcount() == 1 );
+
+  in.get(out, 'a');
+  VERIFY( in.gcount() == std::numeric_limits<std::streamsize>::max() );
+}
+
+int
+main()
+{
+  test01();
+}
diff --git a/libstdc++-v3/testsuite/27_io/basic_istream/get/wchar_t/lwg3464.cc b/libstdc++-v3/testsuite/27_io/basic_istream/get/wchar_t/lwg3464.cc
new file mode 100644
index 00000000000..6df244cc32d
--- /dev/null
+++ b/libstdc++-v3/testsuite/27_io/basic_istream/get/wchar_t/lwg3464.cc
@@ -0,0 +1,91 @@
+// Copyright (C) 2020 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library.  This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License along
+// with this library; see the file COPYING3.  If not see
+// <http://www.gnu.org/licenses/>.
+
+// { dg-do run { target { ! lp64 } } }
+
+#include <istream>
+#include <streambuf>
+#include <limits>
+#include <testsuite_hooks.h>
+
+typedef wchar_t C;
+
+struct buff : std::basic_streambuf<C>
+{
+  typedef std::streamsize		  streamsize;
+  typedef std::numeric_limits<streamsize> limits;
+
+  buff() : count(0), buf() { }
+
+  int_type underflow()
+  {
+    // Number of characters left until we overflow the counter
+    const streamsize headroom = limits::max() - count;
+
+    if (headroom == 0)
+      return traits_type::eof();
+
+    if (bufsz < headroom)
+      count += bufsz;
+    else
+      count = limits::max();
+
+    this->setg(buf + 1, buf + 1, buf + bufsz);
+
+    return buf[0];
+  }
+
+  int_type overflow(int_type c)
+  {
+    if (traits_type::eq_int_type(c , traits_type::eof()))
+      return c;
+    this->setp(buf, buf + bufsz - 1);
+    return traits_type::not_eof(c);
+  }
+
+  streamsize count;
+
+  static const streamsize bufsz = (2048 << limits::digits10) + 1;
+  char_type buf[bufsz];
+};
+
+void
+test01()
+{
+  // Not possible to overflow 64-bit streamsize in reasonable time.
+  if (std::numeric_limits<std::streamsize>::digits > 32)
+    return;
+
+  std::basic_istream<C> in(new buff);
+  buff out;
+  in.get(out);
+  VERIFY( in.gcount() == std::numeric_limits<std::streamsize>::max() );
+
+  delete in.rdbuf(new buff);
+
+  in.get();
+  VERIFY( in.gcount() == 1 );
+
+  in.get(out, 'a');
+  VERIFY( in.gcount() == std::numeric_limits<std::streamsize>::max() );
+}
+
+int
+main()
+{
+  test01();
+}